1) What is Info Sec?

Question 1

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Answer 1

information security

Question 2

Confidentiality, integrity, or availability?

A PIN code is required to log into an information asset.

Answer 2

Confidentiality

Question 3

Confidentiality, integrity, or availability?

Permissions are implemented to ensure access is restricted.

Answer 3

Integrity

Question 4

Confidentiality, integrity, or availability?

All systems are operational and accessible.

Answer 4

Availability

Question 5

Confidentiality, integrity, or availability?

Information is being protected by role-based access.

Answer 5

Confidentiality

Question 6

Confidentiality, integrity, or availability?

Data have not been modified from the original creation.

Answer 6

Integrity

Question 7

Ability to prevent data from being changed in an unauthorized manner.

Answer 7

Integrity

Question 8

Ability to protect data from those who are not authorized to view it.

Answer 8

Confidentiality

Question 9

Ability to access data when it is needed.

Answer 9

Availability

Question 10

Proper attribution to the owner or creator of the data.

Answer 10

Authenticity

Question 11

Physical disposition of the media on which data is stored.

Answer 11

Posession

Question 12

How useful the data is.

Answer 12

Utility

Question 13

Attack Type:

Eavesdropping on a phone.

Answer 13

Interception

Question 14

Attack Type:

DoS on a mail server.

Answer 14

Interruption

Question 15

Attack Type:

Altering a web server config file.

Answer 15

Modification

Question 16

Attack Type:

Spoofing emails.

Answer 16

Fabrication

Question 17

Something that has potential to cause harm.

Answer 17

Threat

Question 18

Weaknesses that can be used to harm us.

Answer 18

Vulnerability

Question 19

Likeliness that something bad will happen.

Answer 19

Risk

Question 20

The value of the asset is used to assess if a risk is present.

Answer 20

Impact

Question 21

Identifying and categorizing the assets we are trying to protect.

Answer 21

Identify Assets

Question 22

Begin to identify and categorize threats that could harm our assets.

Answer 22

Identify Threats

Question 23

Identify the weakness that exist in our assets.

Answer 23

Assess Vulnerabilities

Question 24

Assess if both a threat and a vulnerability exist.

Answer 24

Assess Risks

Question 25

Put controls in place.

Answer 25

Mitigate Risks

Question 26

What type of control should be used to mitigate the risk:

Server room access.

Answer 26

Physical

Question 27

What type of control should be used to mitigate the risk:

Work hour restrictions not set.

Answer 27

Logical

Question 28

What type of control should be used to mitigate the risk:

No acceptable use form for users.

Answer 28

Administrative

Question 29

What type of control should be used to mitigate the risk:

Unguarded building.

Answer 29

Physical

Question 30

What type of control should be used to mitigate the risk:

Password lockout not set.

Answer 30

Logical

Question 31

(T/F) Using the concept of defense in depth we can protect ourselves against someone using a USB flash drive to remove confidential data from an office space within our building.

Answer 31

True

Question 32

Protects information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Answer 32

Information Security

Question 33

Companies that process credit card payments must comply with this set of standards.

Answer 33

PCI DSS

Question 34

Companies that process credit card payments must comply with PCI DSS. What does PCI DSS stand for?

Answer 34

Payment Card Industry Data Security Standard

Question 35

Used to keep something private or minimally known.

Answer 35

Confidentiality

Question 36

Refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner.

Answer 36

Integrity

Question 37

Refers to the ability to access our data when we need it.

Answer 37

Availability

Question 38

A type of attack, primarily against confidentiality.

Answer 38

Interception

Question 39

Something that has the potential to cause harm to our assets.

Answer 39

Threat

Question 40

A weakness that can be used to harm us.

Answer 40

Vulnerability

Question 41

The likelihood that something bad will happen.

Answer 41

Risk

Question 42

An attack that causes our assets to become unusable or unavailable for our use, on a temporary or permanent basis.

Answer 42

Interruption attack

Question 43

An attack that involves tampering with our assets.

Answer 43

Modification attack

Question 44

A model that adds three more principles to the CIA triad: possession or control, utility, and authenticity.

Answer 44

Parkerian hexad

Question 45

The physical disposition of the media on which the data is stored.

Answer 45

Possession or control

Question 46

Allows for attribution as to the owner or creator of the data in question.

Answer 46

Authenticity

Question 47

Refers to how useful the data is to us.

Answer 47

Utility

Question 48

An attack that involves generating data, processes, communications, or other similar activities with a system.

Answer 48

Fabrication attack

Question 49

One of the first and most important steps of the risk management process.

Answer 49

Identify assets

Question 50

A multilayered defense that will allow us to achieve a successful defense should one or more of our defensive measures fail.

Answer 50

Defense in depth

Question 51

Based on rules, laws, policies, procedures, guidelines, and other items that are “paper” in nature.

Answer 51

Administrative controls

Question 52

Sometimes called technical controls, these protect the systems, networks, and environments that process, transmit, and store our data.

Answer 52

Logical controls

Question 53

Controls that protect the physical environment in which our systems sit, or where our data is stored.

Answer 53

Physical controls

Question 54

Involves putting measures in place to help ensure that a given type of threat is accounted for.

Answer 54

Mitigating Risk

Question 55

The risk management phase that consists of all of the activities that we can perform in advance of the incident itself, in order to better enable us to handle it.

Answer 55

Preparation phase

Question 56

The risk management phase where we detect the occurrence of an issue and decide whether it is actually an incident so that we can respond to it appropriately.

Answer 56

Detection and analysis phase

Question 57

The risk management phase where we determine specifically what happened, why it happened, and what we can do to keep it from happening again.

Answer 57

Post-incident activity phase

Question 58

To completely remove the effects of the issue from our environment.

Answer 58

Eradication

Question 59

Taking steps to ensure that the situation does not cause any more damage that it already has, or at the very least, lessen any ongoing harm.

Answer 59

Containment

Question 60

Restore to a better state.

Answer 60

Recover

Question 61

The Interception attack type most commonly affects which principle(s) of the CIA triad?

Answer 61

Confidentiality

Question 62

The Fabrication attack type most commonly affects which principle(s) of the CIA triad?

Answer 62

Integrity and Availability

Question 63

What is the first and arguably one of the most important steps of the risk management process?

Answer 63

Identify assets

Question 64

Something that has the potential to cause harm to our assets.

Answer 64

Threat

Question 65

During what phase of the incident response process do we determine what happened, why it happened, and what we can do to keep it from happening again?

Answer 65

Post-incident Activity

Question 66

Controls that protect the systems, networks, and environments that process, transmit, and store our data.

Answer 66

Logical controls